Re: [jose] Payment Perspective on draft-jones-jose-jws-signing-input-options 00

Mon, 10 Aug 2015 22:42:43 -0700 

Anders, 

You are not alone. I, although one of the author of JWS, am very sympathetic
to the needs of the financial community. My work originally started from the
needs to sign a JSONized financial transaction data. Having said that, ASCII
armoring came pretty early in the course, much before JOSE WG was
established because of the difficulty of 
    a) generally assuming intermediate will not alter the content; and 
    b) generalized canonicalization of JSON.  
We opted to accept the model that the output of JWS is to be consumed by
human being through an application and not as a text instead of dealing with
the problems above. 

I still think b) is hard, but in a closed environment, a) is not that hard. 
That is where jws-signing-input-options would be useful, IMHO. 

-- 
Nat Sakimura <[email protected]>
Nomura Research Institute, Ltd. 

PLEASE READ:
The information contained in this e-mail is confidential and intended for
the named recipient(s) only.
If you are not an intended recipient of this e-mail, you are hereby notified
that any review, dissemination, distribution or duplication of this message
is strictly prohibited. If you have received this message in error, please
notify the sender immediately and delete your copy from your system.

> -----Original Message-----
> From: jose [mailto:[email protected]] On Behalf Of Anders Rundgren
> Sent: Tuesday, August 11, 2015 2:07 PM
> To: Jim Schaad <[email protected]>; [email protected]
> Subject: Re: [jose] Payment Perspective on
> draft-jones-jose-jws-signing-input-options 00
> 
> On 2015-08-10 23:00, Jim Schaad wrote:
> > I am just not interested in this I guess.
> 
> Yes, the JOSE WG have more or less unanimously decided to ignore the needs
of
> the financial community who wants to sign JSON objects [1] rather than
signing
> arbitrary data using JSON-based signature containers.
> 
> Anders
> 
> 1] Although entirely different with respect to JSON normalization, the
following
> independently developed schemes proposals seem to support this statement:
> 
>
https://web-payments.org/specs/source/vocabs/security.html#GraphSignature20
> 12
>
https://cyberphone.github.io/openkeystore/resources/docs/jcs.html#Sample_Si
> gnature
> 
> _______________________________________________
> jose mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/jose

_______________________________________________
jose mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/jose

Reply via email to